SIEM Engineer

IDESLABS
Bangalore | 8-10 LPA | Posted 14 Nov 2025
FULL TIME
Malware Analysis
Log Analysis
Incident Response
Threat Hunting
Siem Tools

Job Description

Roles and Responsibility

  • Building, maintaining, and operating Splunk Enterprise and the Splunk Enterprise Security SaaS solution.
  • Creating correlation searches for Cyber Operation requirements.
  • Evaluating and analyzing business requirements and designing suitable solutions.
  • Managing, coordinating, and implementing technical project activities and enhancements to services.
  • Conducting Incident/Problem/Recovery activities.
  • Supporting the Joint Operations Centre and incident response teams for detected security events.
  • Creating and maintaining accurate and high-quality documentation.
  • Supporting operational effectiveness audits.
  • Structuring phased deliverables to link long-term vision with time-boxed activities.
  • Supporting the project delivery phase including testing and training, to ensure the agreed business solutions are delivered successfully.
  • Working closely with developers and testers, to ensure delivery of functionality on time and with quality.
  • Negotiating and soliciting engagement and support at all levels of the organization, particularly where support is low or challenging.
  • Communicating clearly and regularly.
  • Typically engaging directly with AVP/VP-level stakeholders.
  • Considering the impact of actions and decisions on key stakeholders, seeking to deliver a positive outcome for those involved.
  • Applying evaluative judgment and analytical skills to operate effectively within a complex and changing environment.
  • Understanding the requirements and perspectives of stakeholders and integrating them into an understanding of complex situations.
  • Demonstrating a broad understanding of how the bank operates and the metrics used to measure performance.
  • Analyzing problems and evaluating options in a logical and systematic way.
  • Seeking the advice of stakeholders to better create clarity in complex situations, understand problems, evaluate options, and make decisions.

Job Requirements

  • Knowledge of Splunk Enterprise architecture, distributed components, and Splunk Cloud.
  • Knowledge of Splunk Enterprise Security administration and use cases.
  • Experience with onboarding new data into Splunk and configuring Splunk Forwarders for data ingestion and extraction.
  • Good understanding of the Common Information Model, data models, enrichment, and automation.
  • Experience with installing and configuring Splunk add-ons to bring security logs into Splunk.
  • Strong documentation skills to provide high-quality documentation for internal customers and technical teams.